PT-2017-10509 · F5 · Big-Ip Afm
Publicado
2017-12-21
·
Atualizado
2018-01-08
·
CVE-2017-0304
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BIG-IP AFM versions 12.0.0 through 13.0.0
Description
A SQL injection issue exists in the BIG-IP AFM management UI. This may allow tampering with a copy of the firewall rules, impacting the Configuration Utility until a resync of the rules occurs. However, traffic processing and the live firewall rules in use are not affected.
Recommendations
For versions 12.0.0 through 13.0.0, update to a version that includes the fix for this issue to prevent potential tampering with firewall rules.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Big-Ip Afm